A Business Perspective on Promoting Cybersecurity. Art Reilly Cisco Systems For the ICC

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "A Business Perspective on Promoting Cybersecurity. Art Reilly Cisco Systems For the ICC"

Transcription

1 A Business Perspective on Promoting Cybersecurity Art Reilly Cisco Systems For the ICC

2 Topics Culture of Cybersecurity Role of Business Cooperation with the Stakeholders ICC Companion documents to the OECD Security Guidelines ICC Companion to OECD Security Guidelines What Should be Known What Should be Done Summary

3 Culture of Cybersecurity Everyone has a role in improving global cybersecurity Each participant has appropriate security responsibilities and behaviors depending on their role and situation Security-improving behaviors should become intuitive, and as automatic and common-sense as looking both ways before crossing the street

4 Role of Business All stakeholders have a role Business as the principal innovator, developer, and provider of ICT, and a significant user of ICT has a broader role Business can be a developer, implementer and user of security technology, practices and policies Business can help to ensure that security is designed into products, promote the use of security technology, provide information and assistance in the secure the configuration and implementation of technology, and raise awareness of its customers about the importance of security and steps they can take to develop a culture of security

5 Cooperation with other Stakeholders All Stakeholders depend upon each other s security assurances Global Information Society; Global Marketplace Raising security awareness is in business interest Global connectiveness Security is the essential building block in the development of trust and confidence in ICT use Business must outreach to others: customers, governments, civil society organizations, and international organizations, e.g. Voluntary sharing of appropriate information about incidents Addressing issues of cybercrime and raising public and industry awareness Working with users to better understand whether there is appropriate and understandable information on security features ICC stands ready to organize, participate and facilitate in such cooperative activities

6 ICC Companion Documents to OECD Security Guidelines Information security assurance for executives An international business companion to the 2002 OECD Guidelines Securing your business A companion for small and enterprise companies to the 2002 OECD Guidelines

7 Foundation Principles ICC Security Awareness what should be known Responsibility what should be done Response how should security incidents be reacted to in a timely and cooperative way Social Principles Ethics what is appropriate in behavior that affects others Democracy general respect for rights and freedoms

8 ICC Security Security Lifecycle Principles Risk assessment understand threats and vulnerabilities to systems, processes and employees Security design and implementation how to select and deploy hardware and software Security management managing security over time and throughout the business Reassessment security is a continuing process, not a one-time solution

9 What Should be Known Understanding the importance of information to a business security related assets how assets are used, by whom and for what reason security management broader obligations

10 What Should be Done Security Policy Security Standards and Practices On-going Security Education

11 Summary All stakeholders have a role in creating a Culture of Cybersecurity Business has a broad role to play due to its wide range of activities in the Information Society Cooperation among all stakeholders is important; ICC stands ready to organize, participate and facilitate in such cooperative activities Security is a continuing process, not a one-time solution

Working Party on Information Security and Privacy

Working Party on Information Security and Privacy Unclassified DSTI/ICCP/REG(2003)5/REV1 DSTI/ICCP/REG(2003)5/REV1 Unclassified Organisation de Coopération et de Développement Economiques Organisation for Economic Co-operation and Development 02-Jul-2003

More information

Information security assurance for executives

Information security assurance for executives The world business organization Information security assurance for executives An international business companion to the 2002 OECD Guidelines for the security of networks and information systems: Towards

More information

National Cyber Security Strategies: United States

National Cyber Security Strategies: United States National Cyber Security Strategies: United States Audrey L. Plonk Director, Cybersecurity and Internet Governance Intel Corporation 1 ICSS 2013 Trends: National Cybersecurity Strategies New strategies

More information

Future of the Internet Cyber Security

Future of the Internet Cyber Security Future of the Internet Cyber Security Issue Leader (Asia/Oceania): Shigemi Tamura Chairman Tokyo Electric Power Company (TEPCO) November, 2003 Implementing a Culture of Security New issues in cyber security

More information

Cyber Stability 2015 Geneva, 09 July 2015. African Union Perspectives on Cybersecurity and Cybercrime Issues.

Cyber Stability 2015 Geneva, 09 July 2015. African Union Perspectives on Cybersecurity and Cybercrime Issues. Cyber Stability 2015 Geneva, 09 July 2015 African Union Perspectives on Cybersecurity and Cybercrime Issues. FACTS AND FIGURES As African countries increase access to broadband Internet, issues relating

More information

ALL ALL. rsecurity. Cybersec. for ITU s Work for a Safer World. International Telecommunication Union

ALL ALL. rsecurity. Cybersec. for ITU s Work for a Safer World. International Telecommunication Union ALL ALL Cybersec rsecurity for ITU s Work for a Safer World International Telecommunication Union ITU as a Forum for International Cooperation in Cybersecurity ITU Secretary-General has identified Cybersecurity

More information

IG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY

IG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY IG MATURITY MODEL FOR FY 2015 FISMA 1 Ad-hoc 1.1 program is not formalized and activities are performed in a reactive manner resulting in an adhoc program that does not meet 2 requirements for a defined

More information

SRO-EA s Cyber security Initiatives in Eastern Africa

SRO-EA s Cyber security Initiatives in Eastern Africa UNECA Sub Regional Office For Esatern Africa SRO-EA 2010 EAIGF 11-13 August 2010, Kampala, Uganda SRO-EA s Cyber security Initiatives in Eastern Africa Mr Mactar SECK United Nations ECA SRO- EA Key Categories

More information

DECLARATION STRENGTHENING CYBER-SECURITY IN THE AMERICAS

DECLARATION STRENGTHENING CYBER-SECURITY IN THE AMERICAS DECLARATION STRENGTHENING CYBER-SECURITY IN THE AMERICAS INTER-AMERICAN COMMITTEE AGAINST TERRORISM (CICTE) TWELFTH REGULAR SESSION OEA/Ser.L/X.2.12 7 March, 2012 CICTE/DEC.1/12 rev. 1 Washington, D.C.

More information

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security PROPOSAL 20 Resolution 130 of Marrakesh on the role of ITU in information and network security Submitted by the following Member States: Germany (Federal Republic of), Austria, Belarus (Republic of), Bulgaria

More information

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity National Cybersecurity Challenges and NIST Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity Though no-one knows for sure, corporate America is believed to lose anything

More information

E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION

E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION 1. Introduction E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION Australia s national security and economic and social well-being rely upon the use and availability of a range of Information

More information

Information Security Assurance for Executives

Information Security Assurance for Executives Information Security Assurance for Executives An International Business Commentary on the 2002 OECD Guidelines for the Security of Networks and Information Systems: Towards a Culture of Security October

More information

RESPONSIBLE CARE SECURITY CODE OF MANAGEMENT PRACTICES

RESPONSIBLE CARE SECURITY CODE OF MANAGEMENT PRACTICES RESPONSIBLE CARE SECURITY CODE OF MANAGEMENT PRACTICES Purpose and Scope The purpose of the Security Code of Management Practices is to help protect people, property, products, processes, information and

More information

BSA GLOBAL CYBERSECURITY FRAMEWORK

BSA GLOBAL CYBERSECURITY FRAMEWORK 2010 BSA GLOBAL CYBERSECURITY FRAMEWORK BSA GLOBAL CYBERSECURITY FRAMEWORK Over the last 20 years, consumers, businesses and governments 1 around the world have moved online to conduct business, and access

More information

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY,

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY, COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY, 28-29 JUNE 2011 The Seoul Declaration on the Future of the Internet Economy adopted at the 2008 OECD

More information

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information

More information

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT Presenter: C. MASIGA Event: ICT PITSO 2015 Date: 25/08/15 PRESENTATION OUTLINE Current Situational Analysis Remedial Actions for CSA Expected Benefits

More information

NIST Cyber Security Activities

NIST Cyber Security Activities NIST Cyber Security Activities Dr. Alicia Clay Deputy Chief, Computer Security Division NIST Information Technology Laboratory U.S. Department of Commerce September 29, 2004 1 Computer Security Division

More information

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing

More information

ENTERPRISE IT SERVICE MANAGEMENT BUREAU OF ENTERPRISE SYSTEMS AND TECHNOLOGY ENTERPRISE SERVICE DESCRIPTION FOR. Ocotber 2012

ENTERPRISE IT SERVICE MANAGEMENT BUREAU OF ENTERPRISE SYSTEMS AND TECHNOLOGY ENTERPRISE SERVICE DESCRIPTION FOR. Ocotber 2012 S T A T E O F C O N N E C T I C U T BUREAU OF ENTERPRISE SYSTEMS AND TECHNOLOGY ENTERPRISE SERVICE DESCRIPTION FOR ENTERPRISE IT SERVICE MANAGEMENT (Featuring Numara Footprints Service and Asset Management)

More information

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event

More information

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense Cyber Investigations Data Management Systems Security Data Security Analysis Digital Forensics Health Care Security Industrial

More information

European priorities in information security

European priorities in information security European priorities in information security Graeme Cooper Head of Public Affairs Unit, ENISA 12th International InfoSec and Data Storage Conference, 26th September 2013, Sheraton Hotel, Sofia, Bulgaria

More information

University of Central Florida Class Specification Administrative and Professional. Information Security Officer

University of Central Florida Class Specification Administrative and Professional. Information Security Officer Information Security Officer Job Code: 2534 Serve as the information security officer for the University. Develop and computer security system standards, policies, and procedures. Serve as technical team

More information

MEDICAL DEVICE Cybersecurity.

MEDICAL DEVICE Cybersecurity. MEDICAL DEVICE Cybersecurity. 2 MEDICAL DEVICE CYBERSECURITY Introduction Wireless technology and the software in medical devices have greatly increased healthcare providers abilities to efficiently and

More information

ITU National Cybersecurity/CIIP Self-Assessment Tool

ITU National Cybersecurity/CIIP Self-Assessment Tool ITU National Cybersecurity/CIIP Self-Assessment Tool ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication Development Sector April 2009 Revised Draft For

More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

Abstract Introduction What Does Industry Need?

Abstract Introduction What Does Industry Need? Connecting Information Systems and Cybersecurity Education with the Demands for Cybersecurity Experts in Modern Firms Jason G. Caudill, PhD Associate Professor of Business King University Abstract: The

More information

Integrating web application security control in the system development lifecycle

Integrating web application security control in the system development lifecycle Integrating web application security control in the system development lifecycle Chester Soong, CISSP-ISSAP, ISSMP, CISA Managing Director Security Consulting Services Ltd. What are the Challenges Application

More information

Cybersecurity. Cloud. and the. 4TH Annual NICE Workshop Navigating the National Cybersecurity Education InterState Highway September 2013

Cybersecurity. Cloud. and the. 4TH Annual NICE Workshop Navigating the National Cybersecurity Education InterState Highway September 2013 Cybersecurity and the Cloud 4TH Annual NICE Workshop Navigating the National Cybersecurity Education InterState Highway September 2013 Well, I'll hazard I can do more damage on my laptop sitting in my

More information

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000 Issue Chair: Issue Sherpa: Dick Brown CEO EDS Corporation Bill Poulos EDS Corporation Tel: (202) 637-6708

More information

TUSKEGEE CYBER SECURITY PATH FORWARD

TUSKEGEE CYBER SECURITY PATH FORWARD TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,

More information

Release: 1. BSBMKG519 Plan and implement business-to-business marketing

Release: 1. BSBMKG519 Plan and implement business-to-business marketing Release: 1 BSBMKG519 Plan and implement marketing BSBMKG519 Plan and implement marketing Date this document was generated: 14 January 2016 BSBMKG519 Plan and implement marketing Modification History Release

More information

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

More information

Focusing on the purpose of the authority and on outcomes for the community and creating and implementing a vision for the local area

Focusing on the purpose of the authority and on outcomes for the community and creating and implementing a vision for the local area CODE OF CORPORATE GOVERNANCE INTRODUCTION Corporate Governance is a term used to describe how organisations direct and control what they do. As well as systems and processes this includes cultures and

More information

Applying IBM Security solutions to the NIST Cybersecurity Framework

Applying IBM Security solutions to the NIST Cybersecurity Framework IBM Software Thought Leadership White Paper August 2014 Applying IBM Security solutions to the NIST Cybersecurity Framework Help avoid gaps in security and compliance coverage as threats and business requirements

More information

BYOD (Bring Your Own Device)

BYOD (Bring Your Own Device) BYOD (Bring Your Own Device) Agenda Set the scene BYOD raising many questions Structured & Integrated answers Belgacom Entreprise Mobility Belgacom Mobile Device Management Sensitivity : "Unrestricted",

More information

Michael Yakushev PIR-Center, Moscow (Russia)

Michael Yakushev PIR-Center, Moscow (Russia) Michael Yakushev PIR-Center, Moscow (Russia) Terminological conflict: Cyber-Security, Internet Governance etc. Legal conflict (gap): lack of globally recognized legal instruments Organizational conflict:

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

EU Cybersecurity Policy & Legislation ENISA s Contribution

EU Cybersecurity Policy & Legislation ENISA s Contribution EU Cybersecurity Policy & Legislation ENISA s Contribution Steve Purser Head of Core Operations Oslo 26 May 2015 European Union Agency for Network and Information Security Agenda 01 Introduction to ENISA

More information

NOT PROTECTIVELY MARKED. A087 Version 1.0

NOT PROTECTIVELY MARKED. A087 Version 1.0 POLICY Security Classification Disclosable under Freedom of Information Act 2000 Yes POLICY TITLE Vulnerability & Patch Management POLICY REFERENCE NUMBER A087 Version 1.0 POLICY OWNERSHIP DIRECTORATE

More information

CEPOL Cybercrime forensics & digital evidence course

CEPOL Cybercrime forensics & digital evidence course CEPOL Cybercrime forensics & digital evidence course Role of eu-lisa on the Cybersecurity: Present and Future Perspectives Role of eu-lisa on the Cybersecurity: Present and Future Perspectives Tallinn

More information

Cyber Security Recommendations October 29, 2002

Cyber Security Recommendations October 29, 2002 Cyber Security Recommendations October 29, 2002 Leading Co-Chair (Asia/Oceania) Co-Chair (Americas) Co-Chair (Europe/Africa) Dr. Hiroki Arakawa Executive Vice President NTT Data Corporation Richard Brown

More information

ISO 14001:2015 Client Transition Checklist

ISO 14001:2015 Client Transition Checklist ISO 14001:2015 Client Transition Checklist How to use this document: It is not mandatory to use this document. It is a guide to give you an indication of your readiness for audit against ISO 14001:2015.

More information

Second Cyber Security Summit, November 11, 2013 in Bonn Final communique

Second Cyber Security Summit, November 11, 2013 in Bonn Final communique Second Cyber Security Summit, November 11, 2013 in Bonn Final communique On November 11, the Cyber Security Summit was held for the second time in Bonn at the invitation of the Munich Security Conference

More information

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE CYBER SECURITY AND INFORMATION ASSURANCE RESEARCH AND DEVELOPMENT SENIOR STEERING GROUP OF THE FEDERAL NETWORKING AND INFROMATION TECHNOLOGY

More information

Treasury Department Summary Report to the President on. Cybersecurity Incentives Pursuant to Executive Order 13636

Treasury Department Summary Report to the President on. Cybersecurity Incentives Pursuant to Executive Order 13636 Treasury Department Summary Report to the President on Cybersecurity Incentives Pursuant to Executive Order 13636 1 SUMMARY REPORT AND RECOMMENDATIONS The cyber threat to our nation s critical infrastructure

More information

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Pamela Passman President and CEO Center for Responsible Enterprise And Trade (CREATe.org)

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS. Steve Mills Professor of Information Technology Steve.mills@dau.mil 256.922.

CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS. Steve Mills Professor of Information Technology Steve.mills@dau.mil 256.922. CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS 1 Steve Mills Professor of Information Technology Steve.mills@dau.mil 256.922.8761 Overview Cybersecurity Policy Overview Questions Challenge #1 -

More information

Security Engineering Best Practices. Arca Systems, Inc. 8229 Boone Blvd., Suite 750 Vienna, VA 22182 703-734-5611 ferraiolo@arca.com.

Security Engineering Best Practices. Arca Systems, Inc. 8229 Boone Blvd., Suite 750 Vienna, VA 22182 703-734-5611 ferraiolo@arca.com. Tutorial: Instructor: Topics: Biography: Security Engineering Best Practices Karen Ferraiolo, Arca Systems, Inc. 8229 Boone Blvd., Suite 750 Vienna, VA 22182 703-734-5611 ferraiolo@arca.com This tutorial

More information

Enhancing Business Performance Through Innovative Technology Solutions

Enhancing Business Performance Through Innovative Technology Solutions Enhancing Business Performance Through Innovative Technology Solutions Contact Center = Customer Experience FIELD SERVICE Customer Service BACK OFFICE CONTACT CENTER BRANCH OFFICE Help Desk HR Finance

More information

Indicator Protocols Set Product Responsibility (PR)

Indicator Protocols Set Product Responsibility (PR) IP Indicator Protocols Set Product Responsibility (PR) 2000-2006 GRI Version 3.0 2000-2006 GRI Version 3.0 Indicator Protocols Set: PR IP Product Responsibility Performance Indicators Aspect: Customer

More information

Automate Risk Management Framework

Automate Risk Management Framework Automate Risk Management Framework Providing Dynamic Continuous Monitoring, Operationalizing Cybersecurity and Accountability for People, Process and Technology Computer Network Assurance Corporation (CNA)

More information

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13 Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...

More information

NIST Cybersecurity Framework. ARC World Industry Forum 2014

NIST Cybersecurity Framework. ARC World Industry Forum 2014 NIST Cybersecurity Framework Vicky Yan Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL Executive Order 13636 Improving Critical Infrastructure Cybersecurity It is the policy

More information

Cybersecurity for ALL

Cybersecurity for ALL Cybersecurity for ALL An Overview of ITU s Cybersecurity Activities UNECE International Conference on Technological Readiness for Innovationbased Competitiveness 30 in Geneva, Switzerland Christine Sund

More information

Chair Cabinet Committee on State Sector Reform and Expenditure Control

Chair Cabinet Committee on State Sector Reform and Expenditure Control Office of the Minister of State Services Chair Cabinet Committee on State Sector Reform and Expenditure Control REPORT OF THE GOVERNMENT CHIEF INFORMATION OFFICER ON THE REVIEW OF PUBLICLY ACCESSIBLE INFORMATION

More information

Washington Metropolitan Area Transit Authority Board Action/Information Summary

Washington Metropolitan Area Transit Authority Board Action/Information Summary Washington Metropolitan Area Transit Authority Board Action/Information Summary Action Information MEAD Number: 100007 Resolution: Yes No TITLE: IT Data Security Assessment PURPOSE: The purpose of this

More information

Specific comments on Communication

Specific comments on Communication Comments on Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Cybersecurity Strategy of the European Union: An Open,

More information

Cybersecurity @ ITU. Carla Licciardello Policy Analyst Carla.licciardello@itu.int. www.itu150.org

Cybersecurity @ ITU. Carla Licciardello Policy Analyst Carla.licciardello@itu.int. www.itu150.org Cybersecurity @ ITU Carla Licciardello Policy Analyst Carla.licciardello@itu.int www.itu150.org Where are we coming from Specialized agency of the UN for telecommunications and ICTs Some more info about

More information

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE AIIA Response 14 November 2011 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing

More information

Blending Corporate Governance with. Information Security

Blending Corporate Governance with. Information Security Blending Corporate Governance with Information Security WHAT IS CORPORATE GOVERNANCE? Governance has proved an issue since people began to organise themselves for a common purpose. How to ensure the power

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

NICE and Framework Overview

NICE and Framework Overview NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to

More information

Information Security Guideline for NSW Government Part 1 Information Security Risk Management

Information Security Guideline for NSW Government Part 1 Information Security Risk Management Department of Commerce Guidelines Information Security Guideline for NSW Government Part 1 Information Security Risk Management Issue No: 3.2 First Published: Sept 1997 Current Version: Jun 2003 Table

More information

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public. Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM

More information

Cyber Security Organisational Standards. Guidance

Cyber Security Organisational Standards. Guidance Cyber Security Organisational Standards Guidance April 2013 Contents Contents...2 Overview...3 Background...4 Definitions...5 Presentation and Layout...6 Submissions Guidance...7 Acceptance Criteria...8

More information

engagement will not only ensure the best possible law, but will also promote the law s successful implementation.

engagement will not only ensure the best possible law, but will also promote the law s successful implementation. US-China Business Council Comments on The Draft Cybersecurity Law On behalf of the approximately 210 members of the US-China Business Council (USCBC), we appreciate the opportunity to provide comments

More information

How do you give cybersecurity the highest priority in your organization? Cyber Protection & Resilience Solutions from CGI

How do you give cybersecurity the highest priority in your organization? Cyber Protection & Resilience Solutions from CGI How do you give cybersecurity the highest priority in your organization? Cyber Protection & Resilience Solutions from CGI CGI Cyber Protection & Resilience Solutions Optimized risk management and protection

More information

Strategy and Planning Activities Developing an Effective GIS Business Case

Strategy and Planning Activities Developing an Effective GIS Business Case Strategy and Planning Activities Developing an Effective GIS Business Case Presented by Kate Taylor, PMP 2-1 Strategy & Planning Activities Strategy & Planning Analysis & Design Development Deployment

More information

Bradford J. Willke, CISSP

Bradford J. Willke, CISSP Engineering National Cybersecurity and Critical Information Infrastructure Protection Bradford J. Willke, CISSP 16 October 2007 ITU Regional Workshop Buenos Aires, Argentina Overview Purpose: This session

More information

Safeguards Frameworks and Controls. Security Functions Parker, D. B. (1984). The Many Faces of Data Vulnerability. IEEE Spectrum, 21(5), 46-49.

Safeguards Frameworks and Controls. Security Functions Parker, D. B. (1984). The Many Faces of Data Vulnerability. IEEE Spectrum, 21(5), 46-49. Safeguards Frameworks and Controls Theory of Secure Information Systems Features: Safeguards and Controls Richard Baskerville T 1 F 1 O 1 T 2 F 2 O 2 T 3 F 3 O 3 T 4... T n...... F l O m T F O Security

More information

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015 Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015 European Union Agency for Network and Information Security Summary 1 Presentation

More information

Part A) I. Focus areas from the perspective of the German Government s on automated and connected driving

Part A) I. Focus areas from the perspective of the German Government s on automated and connected driving Cybersecurity and data protection Part A) Focus areas for presentation at the IG ITS/AD meeting in November 2015 Part B) Issues for discussion Part C) Preliminary Draft proposal for Guidelines on measures

More information

Experience the commitment. white paper. Information Security Continuous Monitoring. Charting the Right Course. cgi.com

Experience the commitment. white paper. Information Security Continuous Monitoring. Charting the Right Course. cgi.com Experience the commitment white paper Information Security Continuous Monitoring Charting the Right Course cgi.com Hacking, malware, distributed denial of service attacks, insider threats and other criminal

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

Collaborative, Standards-Based Approaches to Improving Cybersecurity

Collaborative, Standards-Based Approaches to Improving Cybersecurity Collaborative, Standards-Based Approaches to Improving Cybersecurity ISACA-NCAC Annual Meeting May 24, 2016 Kevin Stine Kevin.Stine@nist.gov National Institute of Standards and Technology (NIST) About

More information

ITIL Foundation in IT Service Management

ITIL Foundation in IT Service Management ITIL Foundation in IT Service Management Course Description: This course provides comprehensive first-level training for anyone involved in provision, support, and delivery of IT Services. The ITIL Framework

More information

Data Centric Security: The Village Idiot lives in the Castle

Data Centric Security: The Village Idiot lives in the Castle Data Centric Security: The Village Idiot lives in the Castle Michael A. Davis Chief Executive Officer Savid Technologies, Inc. http://www.savidtech.com Copyright 2011Savid Technologies, Inc. All Rights

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning Public Entities Risk Management Forum 5 th July 2012 Presented by Mark Penberthy FBCI Overcoming Practical Challenges Business Continuity Management (BCM) AGENDA 1. What is

More information

Department of Information and Technology Management

Department of Information and Technology Management INFOTEC Overview Department of Information and Technology Management Introduction The Information and Technology Management Department (INFOTEC) is responsible for providing modern, secure, fit for purpose

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

Domain 5 Information Security Governance and Risk Management

Domain 5 Information Security Governance and Risk Management Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association

More information

Release: 1. ICTNWK607 Design and implement wireless network security

Release: 1. ICTNWK607 Design and implement wireless network security Release: 1 ICTNWK607 Design and implement wireless network security ICTNWK607 Design and implement wireless network security Modification History Release Release 1 Comments This version first released

More information

JOB DESCRIPTION. I.C.T Application Systems & Workflow Manager

JOB DESCRIPTION. I.C.T Application Systems & Workflow Manager JOB DESCRIPTION POST: LOCATION: Service Level Manager Belfast City Hospital GRADE: Band 6 REPORTS TO: RESPONSIBLE TO: I.C.T Application Systems & Workflow Manager I.C.T Service Delivery Manager JOB SUMMARY/MAIN

More information

ICA60311 Advanced Diploma of Information Technology Business Analysis

ICA60311 Advanced Diploma of Information Technology Business Analysis ICA60311 Advanced Diploma of Information Technology Business Analysis Release: 1 ICA60311 Advanced Diploma of Information Technology Business Analysis Modification History Release Release 1 Comments This

More information

Cyber security Country Experience: Establishment of Information Security Projects.

Cyber security Country Experience: Establishment of Information Security Projects. Cyber security Country Experience: Establishment of Information Security Projects. Mr. Vincent Museminali vincent.museminali@rura.rw Internet and New media regulations Rwanda Utilities Regulatory Authority

More information

Department of Homeland Security Federal Government Offerings, Products, and Services

Department of Homeland Security Federal Government Offerings, Products, and Services Department of Homeland Security Federal Government Offerings, Products, and Services The Department of Homeland Security (DHS) partners with the public and private sectors to improve the cybersecurity

More information

Pacific Islands Telecommunications Association

Pacific Islands Telecommunications Association Pacific Islands Telecommunications Association 8 th Fl, Dominion Hse PHONE : (679) 331 1638 PO BOX 2027, Govt Bldg FAX : (679) 330 8750 SUVA, FIJI Islands E-mail: pita@connect.com.fj www.pita.org.fj INVITATION

More information

Testing the Security of your Applications

Testing the Security of your Applications Home Safeguarding Business Critical Testing the of your Applications Safeguarding business critical systems and applications 2 Safeguarding business critical systems and applications Organizations are

More information

Billing Code: 3510-EA

Billing Code: 3510-EA Billing Code: 3510-EA DEPARTMENT OF COMMERCE Office of the Secretary National Institute of Standards and Technology National Telecommunications and Information Administration [Docket Number: 130206115-3115-01]

More information

Honourable members of the National Parliaments of the EU member states and candidate countries,

Honourable members of the National Parliaments of the EU member states and candidate countries, Speech by Mr Rudolf Peter ROY, Head of division for Security Policy and Sanctions of the European External Action Service, at the L COSAC Meeting 29 October 2013, Vilnius Honourable members of the National

More information

State of Oregon. State of Oregon 1

State of Oregon. State of Oregon 1 State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information

More information

Data Masking Best Practices

Data Masking Best Practices Data Masking Best Practices 1 Information Security Risk The risk that sensitive information becomes public 2 Information Security Risk Government systems store a huge amount of sensitive information Vital

More information

Lessons from Defending Cyberspace

Lessons from Defending Cyberspace Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat

More information

GLOBAL CONFERENCE ON CYBERSPACE 2015 CHAIR S STATEMENT

GLOBAL CONFERENCE ON CYBERSPACE 2015 CHAIR S STATEMENT GLOBAL CONFERENCE ON CYBERSPACE 2015 CHAIR S STATEMENT Introduction 1. On 16 and 17 April 2015 representatives of governments, international organisations, businesses, civil society, academia and the technical

More information

The Challenges of Securing the Internet of Things (IoT) at Scale

The Challenges of Securing the Internet of Things (IoT) at Scale The Challenges of Securing the Internet of Things (IoT) at Scale Ulf Lindqvist, Ph.D. Program Director, SRI International Chair, IEEE Computer Society s Technical Committee on Security and Privacy Vice

More information

2 The changing telecommunication/ict environment and its implications for the Union

2 The changing telecommunication/ict environment and its implications for the Union 1 Introduction 1.1 Now, more than ever, the telecommunication/information and communication technology (ICT) industry is undergoing a profound transformation with far-reaching consequences. The development

More information